Human error is often blamed for being the most vulnerable part of a security environment, security operations authority Arctic Wolf says in its new Threat Report, but the security provider’s data and research shows something quite different.
Arctic Wolf has determined that just a handful of attack vectors and vulnerabilities were responsible for a significant portion of incidents it responded to over the last 12 months. Phishing, historic compromise and social engineering were the most prevalent.
Where's the Malware Coming From?
Artic Wolf found that 72% of malware disruption comes from outside an organization, mainly software exploits, remote access hijack and misconfiguration. The remainder owes to internal mistakes from unpatched vulnerabilities.
Many of the emerging attack techniques demonstrate a higher level of threat actor sophistication, geared to evade traditional defenses, according to Daniel Thanos, vice-president, Arctic Wolf Labs.
"Organizations need to advance their threat protection beyond the basics to secure their data,” he said.
Arctic Wolf's Chilling Threat Report
Findings of note from the Arctic Wolf Labs Threat Report include:
- Business Email Compromise (BEC) attacks accounted for over a quarter (29%) of Arctic Wolf’s incident response cases last year; 58% of victim organizations failed to have their multi-factor authentication (MFA) enabled.
- Russia’s invasion of Ukraine significantly disrupted cyber threat activity in both countries. The conflict influenced a 26% year-over-year decline in observed ransomware cases globally.
- LockBit became the dominant ransomware group. The e-crime organization had 248% more victims than BlackCat (ALPHV), the second most active group.
- Vulnerabilities in Microsoft Exchange (ProxyShell) and Log4j (Log4Shell) continue to be the top two root points of compromise (RPOC) for Arctic Wolf’s incident response cases.
- $500,000 was the median initial ransom demand across all industries.
- Vulnerabilities caused 45% of incidents, which could have been fixed through available security patches and updates.